Would video-based captcha be more than text based?
RIT graduate student Kurt Alfred Kluever is conducting an experiment for his MS thesis in Computer Science about the use of video-based Captchas (distorted string of text which the user is forced to transcribe).
I just completed his test at http://sudbury.cs.rit.edu. It got me thinking, and I was wondering about how difficult it is now for people to decipher the distorted text, if using video would make the task easier, and how more efficient would it be in terms of keeping away automated programs (robots).
Thanks for your responses!
(Note: This is only about video tagging. Accessibility issues for visually or hearing impaired users are not included here, which deserves a whole discussion on its own!)
Clarification added July 3, 2008:
Please correct question: Would video-based captcha be easier than text based and more effective?
Good Answers (2)
Stewart A
Information Security Consultant - CISSP - I enable business through effective security practices.
Best Answers in: Information Security (17), Computer Networking (4), Computers and Software (2), Web Development (2), Intellectual Property (1), Enterprise Software (1), Information Storage (1), Software Development (1), Using LinkedIn (1)
Kelly,
Flash based captcha has been very effective, usually combined with java technology to be implemented. Once example is jfCAPTCHA.
These usually have a rolling background image with animated text. It is lightweight as far as bandwidth is concerned and will be more compatible that a video based solution.
Readability for humans is excellent, and being a flash file, not very manageable for automated decoding.
Hope that helps!
Stewart Allen
Information Security Consultant
I concur with the opinions below. The best Captcha would be a Flash based question and answer bank that required a human to answer a question with randomized graphical answers. Questions like: "Which of the following pictures is a dog?" The answers would have to show up in different places - randomly and the Q&A bank would have to be significantly large enough to foil the porn-spam guys who recruit real humans to solve the problem.
Note, however, that no captcha is infallible. ... forever.
Clarification added July 8, 2008:
Additionally, the potential answer set should be larger than what is displayed to each individual answerer. i.e. put pictures of 25 animals in the answer pool, and have 5 correct results. Randomize the one correct answer with the x incorrect possible answers.
And - IP filtering and monitoring MUST be in place to slow down the ability of the spammers to build a database of questions & answers.
More Answers (3)
Dan M
CCIE #2495, CISSP #78281, CNX
Best Answers in: Computer Networking (6), Information Security (1)
No, it would suffer the same limitation as static captchas. The spammers will still put them in front of their porn sites and have real humans solve them, then cache the results.
Patrick F
Computer and Network Support Technician Graduate
Best Answers in: Government Policy (1), Compensation and Benefits (1), Internationalization and Localization (1), Property Law (1), Derivatives Markets (1), Computers and Software (1), Telecommunications (1)
I hate captcha's personally but realize they're there for a reason.
The thing is that as computers get more powerful and better algorithms are developed captcha's get 'out of date' because spammers will be able to get a reasonable (25% or higher) chance of their programs getting it right.
Also Video based captcha's would use alot more bandwidth. What you might be interested in is something akin to KittenAuth. Basically it gives you a grid of 3x3 pictures where you select
Links:
Clarification added July 4, 2008:
where you select say kittens out of the pictures (though it could be something like dogs or tennis balls or cars)
Gahlord D
Strategist and Maker of Things
Best Answers in: Web Development (3), Internet Marketing (2), Manufacturing (1), Market Research and Definition (1), E-Commerce (1)
Complete sentences for questions yield results?
But seriously....
I'm answering your question in order that you asked. Sure you can ignore your accessibility issues and that's grand but it still doesn't solve your non-existent problem with your non-existent-exclusive technology any more than asking trained martial artists at an airline check-in whether they have a boxcutter on their person. Security theater.
Regulation issues:
Ever hear of Section 508?
Value (aka "how your rent is paid") issues:
Assuming we have your preferred video software installed (because we like you or maybe a video standard happened somewhere?) and the value of that software plus the value of your content made it worth it for us to spend N seconds watching your captcha video (where N is the length of your video captcha). Then....
Prevention (aka: stopping comment spam will result in significant financial improvement, so significant that you already are prepared for any of the above questions?):
As a commenter/participant in your conversation is it worth it for me to read your entire article _and_ wait for the video to play _and_ enter code in order to give you my response? Really?
Why don't you just turn off comments? What stops you from turning off comments if you are so secure?
----
So, in answer to the two questions posed by your clarification on July 3rd 2008 which asked:
"Would video-based captcha be easier than text based and more effective?"
1) Would it be easier? -- No.
2) Would be more effective? -- Depends.
